Executive Summary:
The New York Times was attacked by Chinese hackers who were trying to obtain information about the Times' sources in China. This happened right after a Times article published the net worth of Prime Minister Wen Jiabao’s relatives. The hackers were able to infiltrate the computer system and steal employee passwords, which were then used to access the personal computers of employees. The passwords had been hashed but were easily cracked using rainbow tables. Investigators still do not know how the attackers broke into the computer system but suspect they used spear-phishing attacks. A single click on a malicious e-mail attachment could have installed remote access tools. The system was first compromised in September, but the Times and AT&T did not initially know about the attacks. When the New York Times received a threat from Chinese government officials in October, it asked AT&T to monitor the computer system more closely, and unusual activity was discovered. Mandiant was soon hired to deal with the breach and tracked the movements of the intruders to learn the source of the attacks. The attackers used compromised computer systems registered to universities, smaller companies, and Internet service providers, and they switched IP addresses continuously to hide the attack source. Although China denies knowledge of the cyber-attacks, a lot of circumstantial evidence suggests it did orchestrate the hack.


Analysis:
The attack could possibly have been detected earlier if AT&T had been monitoring the activity on the New York Times’ computer system more closely. It was not a very sophisticated attack, and the damage could have been mitigated if the New York Times employees had used better passwords. The Times should have had a stricter password policy that required longer and stronger passwords. A minimum length of 12 to 14 characters is preferred for strong passwords, and users should avoid common sequences like ABC or 123456. The stored passwords should not be easy to crack by looking them up in a rainbow table; they should have been hashed in a way that resists such lookups. Also, the attack might have been prevented if the employees had not clicked on the phishing e-mail attachments or links in the first place. Users can do several things to protect themselves from phishing (Corporate Computer Security, p. 28):

1. Do not click on links if you don’t know the person or are not the intended recipient.
2. Make sure the URL within the email is linked to a legitimate site and is not modified.
3. Do not open attachments unless you are expecting them.
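
The rainbow-table weakness discussed in the analysis, shown as an added example that is not part of the original write-up: an unsalted fast hash is recovered by a plain table lookup, while a per-user salt with a slow key-derivation function is not. The hash algorithms (SHA-256, PBKDF2), the iteration count, the function names and the sample passwords are assumptions chosen for illustration; the page does not say which scheme the Times used.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed sample data: a tiny stand-in for a precomputed (rainbow-style) table
# of unsalted hashes of common passwords.
COMMON_PASSWORDS = ["123456", "password", "abc123", "letmein"]
PRECOMPUTED = {hashlib.sha256(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}

PBKDF2_ITERATIONS = 200_000  # assumption: tune upward for your hardware


def store_unsalted(password: str) -> str:
    """Weak scheme: one fast, unsalted hash. Equal passwords give equal hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_salted(password: str) -> Tuple[bytes, bytes]:
    """Stronger scheme: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_salted(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def table_lookup(stored_hex: str) -> Optional[str]:
    """What a precomputed table amounts to: a lookup keyed by the stored hash."""
    return PRECOMPUTED.get(stored_hex)


if __name__ == "__main__":
    weak = store_unsalted("abc123")
    print("unsalted record found in table:", table_lookup(weak))

    salt, digest = store_salted("abc123")
    print("salted record found in table:", table_lookup(digest.hex()))
    print("legitimate login still verifies:", verify_salted("abc123", salt, digest))
```

Because the salt is random per record, two employees with the same password end up with different stored values, so a table built in advance has nothing to match against.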